
Helping Ethereum 2.0 Validators Secure Their Withdrawal Keys

ConsenSys Codefi and Securosys CloudsHSM provide convenience for Ethereum 2.0 validators to stake their ETH and offer truly enterprise-grade security throughout the Ethereum 2.0 transition period and beyond.

Why Securosys

ConsenSys’ Codefi Staking provides a user interface for depositing ETH to the Eth2 Beacon Chain, and removes the challenges of operating independent validator nodes. Codefi Staking will rely on Teku, ConsenSys’ Eth2 client for institutional staking.

Integration with the Securosys ecosystem brings the highest level of security to the process, as stakers can seamlessly create keys directly in the Primus Hardware Security Modules (HSMs) and protect them with Securosys’ key control mechanisms.

Securosys Primus HSMs are highly reliable, enterprise-grade, backdoor-free, and tamper-evident hardware devices. They can be clustered for high availability in a geo-redundant setup and securely backed up. When on-premise operation is not an option, Securosys offers its ISO27001 certified CloudsHSM service. It is powered by multiple geo-redundant data centers that meet the highest operational security standards, including an EMP and attack-proof facility deep in the Swiss mountains.


Multiple Levels of Authentication and Authorization – Also for Long-term Storage

There are multiple levels of authentication and authorization that ensure that the stakers do not relinquish control over the Eth2 withdrawal keys.  

While Securosys authentication mechanisms ensure security of the keys against external attacks, their safety against various failure factors is also paramount for long-term storage.

Create Your Ethereum 2.0 Withdrawal Keys in an HSM – directly from the ConsenSys Codefi Staking API

It is not just any kind of security. It is the highest level of security and also convenience you will get. With the combination of Securosys Hardware Security Modules and Codefi, you seamlessly move from Eth1 to Eth2.



There is no need to trade control for convenience and security. Securosys Smart Key Attributes provide Codefi customers with maximum security and allow them to maintain full control over assets.

Enterprise-grade and scalable

Built on highly resilient and reliable hardware that secures the Swiss financial system, Securosys HSM clusters can process millions of keys and thousands of transactions per second.

Key security done by professionals

Outsource key security to professionals without relinquishing control.

Seamless integration with Codefi

Securely create Eth2 keys in the HSM and retrieve staking smart contract payloads, all from the convenience of the Codefi UI.

Flexible multi-authorization setup

The Eth2 multi-signature setup cannot be changed until Phase 2. The Securosys Smart Key Attributes allow the security policy of each key to be changed at any time, even during the transition period.

Reuse Eth1 keys

Reuse Eth1 keys or any other keys as part of the Eth2 key security policy.



ConsenSys is the leading Ethereum software company. They enable developers, enterprises, and people worldwide to build next-generation applications, launch modern financial infrastructure, and access the decentralized web. Their product suite, composed of Infura, Quorum, Truffle, Codefi, MetaMask, and Diligence, serves millions of users, supports billions of blockchain-based queries for their clients, and has handled billions of dollars in digital assets. Ethereum is the largest programmable blockchain in the world, leading in business adoption, developer community, and DeFi activity. On this trusted, open source foundation, they are building the digital economy of tomorrow.

ConsenSys Codefi is the blockchain application suite powering next-generation commerce and finance. It is their vision to lead the convergence of existing and decentralized financial technologies to create more accessible and equitable financial services for everyone, everywhere. They work with financial institutions, global enterprises, and Ethereum projects to optimize business processes, digitize financial instruments, activate markets and networks, and deploy production-ready blockchain solutions. 

For more information, visit: consensys.net


Use Cases

Enterprise-grade rather than make-believe security

Achieving the highest level of security with other tools like air-gapped laptops, USB keys, and hardware or paper wallets is costly because you have to compensate for cheap hardware with expensive operations like key ceremonies, custodial fees, and audits.

Solution: Outsource as much of the necessary security cost as possible to purpose-designed hardware and the professionals who run a service on it.

Change Authorization Setup at any Time

In Eth2 systems it is not possible to change the quorum of a multi-sig address directly. The only way to do this is to transfer the asset to a new address, which won't be possible for Eth2 addresses until Phase 2. So, for example, if an employee leaves the company, their key cannot be revoked - it must be transferred to someone else, with the risk that the employee will retain a copy. 

Solution: Smart Key Attributes - The multi-authorization setup defined in SKA can be securely changed at any time, as long as the required policies for such a change are met. The new setup can be cryptographically verified at any time. 

Distributing new keys with a Multi-signature setup

Those who want to use a multi-signature setup need to generate and distribute new keys.

Solution: They can reuse their Eth1 keys as approval keys for Smart Key Attributes.

Prove that your keys have been created securely

It might be necessary or beneficial for clients to prove that they have created their Eth2 keys securely and/or that they still control them. The former can be achieved by an audited key ceremony, which is costly and, of course, if it was not done initially, cannot be done retroactively. Control of the key is then verified by signing with it, which could potentially expose the key and is operationally costly, especially in the case of a multi-signature setup.

Solution: Key attestation provides cryptographic proof that the key was generated in the HSM, is stored there, has not been exported, and cannot be exported, and also provides proof of key protection through SKA policies.

Get more Information

Contact us to get more information on product features or pricing.
